
Security Risk & Compliance Manager
TrueContext, formerly ProntoForms
full-time
Location Type: Hybrid
Location: Ottawa • 🇨🇦 Canada
Job Level
Junior, Mid-Level
Tech Stack
Cloud, SDLC
About the role
- Lead end-to-end completion of customer security questionnaires, RFIs, and due diligence requests, coordinating inputs from engineering, security, and leadership to ensure accurate and consistent responses
- Maintain and continuously improve a reusable library of standard security answers, architecture descriptions, and supporting evidence mapped to SOC 2 and related frameworks
- Own the third-party/vendor security lifecycle: intake, risk triage, detailed security assessments for higher-risk vendors, ongoing monitoring, and periodic reassessment
- Review vendor SOC 2 reports and other attestations, identify issues or exceptions, document risk, and drive agreed mitigation actions with internal owners
- Coordinate the company’s SOC 2 program activities, including control mapping, evidence collection, tracking remediation items, and preparing for audits
- Partner with engineering teams to understand system design, data flows, and operational practices, translating technical details into clear security and compliance narratives
- Provide security and compliance input on contracts and DPAs, working with Legal and Procurement on security clauses, data protection requirements, and vendor obligations
- Define and track practical metrics (e.g., questionnaire volume/SLAs, vendor risk tiers, open remediation items) and report status and risks
- Educate Sales, Customer Success, and other go-to-market teams on security positioning, SOC 2 scope, and standard responses
Requirements
- 2–5 years of experience in information security, risk management, compliance, or related roles, ideally in a SaaS or cloud-native environment
- Direct experience with customer security questionnaires and vendor risk assessments, including reading SOC 2 reports and other security attestations
- Solid understanding of SOC 2 principles and common security controls (access management, encryption, logging/monitoring, SDLC, incident response, business continuity)
- Ability to interact confidently with senior engineers, translate between technical and non-technical audiences, and influence without direct authority
- Strong written and verbal communication skills with an emphasis on clarity, consistency, and reusability of security and compliance messaging
- Experience with GRC, vendor risk, or compliance platforms (e.g., SOC 2 automation tools, vendor risk management tools) is an asset
Benefits
- Company-wide & team social events
- Wellness yearly allowance
- Annual learning allowance
- Great time off benefits (4 weeks of vacation + 2 True2ME days + 1 TrueCrewCares day)
- Summer FriYAYs (every other Friday off from Victoria Day until Labour Day)
- Catered lunches 2x per week
- An amazing office space with plenty of snacks, drinks, and space to collaborate
- Hybrid work environment (3 days a week in the office)
Applicant Tracking System Keywords
Hard skills
information security, risk management, compliance, vendor risk assessments, SOC 2 principles, security controls, access management, encryption, incident response, business continuity
Soft skills
communication skills, influence without authority, clarity, consistency, reusability, interpersonal skills, collaboration, problem-solving, educational skills, technical translation